
ISO officially released ISO/IEC 27001:2013, the new version of the information security management standard, in Sept 2013. The new version makes various changes to the main contents, risk management and the annex. SGS reminds certified clients in particular that they shall upgrade their management system certification before 30th Sept., 2015.

Information security is currently a key issue. Organizations will benefit from applying the following controls to improve information security management in accordance with the new version of the standard.

1. The management representatives should study the new standard or take part in relevant seminars so as to catch up on the changes in information security. The internal auditors of the organization are advised to attend the related training courses to master the changes in the new standard.

2. Risk management should be completed and documented following the requirements of the new standard and, when necessary, the original program will be revised and risk evaluation should be conducted, shifting from a focus on information assets to a focus on business risk and relevant effects.

3. The management system documentation should be upgraded in accordance with the requirements of the new standard and the results of the risk re-evaluation. The documents include the Manual, the SoA, the Work Instructions and the records. Key areas, such as the roles and responsibilities of the security organization, the information security management objectives, the demands of relevant stakeholders and the risk evaluation of supply chain information security, shall be covered.

4. The organization's new information security system shall be run to prove its effectiveness and efficiency before applying for certification.

Related training courses:
1) IRCA Certified ISMS Transition to ISO/IEC 27001:2013 Training Course (A17713) (7 - 8 April 2014)

2) IRCA Certified ISO 27001:2013 Information Security Management System (ISMS) Auditor/Lead Auditor Training (21 - 27 May 2014)

3) ISO/IEC 27001:2013 - Standard Interpretation and Requirement Training (19 - 20 May 2014)

SGS Hong Kong Limited
5/F, Manhattan Centre, 8 Kwai Cheong Road, Kwai Chung, NT, HK
T: (852) 2765 3620
F: (852) 2333 2257
hk.ssc@sgs.com